Effective date: 2020

Residence de Caen Ltee (“Residence de Caen” or “we”) is a family owned entity incorporated in Mauritius as a
private company limited by shares, bearing the Business Registration Certificate No. C18155633, and having it
registered office at Sir William Newton Street, c/o MUA Stockbroking Ltd, 3rd floor, Travel House, Port Louis,

Residence de Caen is the promoter of a residential care home, which will comprise of (78) studios and 1 to 2
bedrooms apartments, proposed to be given on a long–term lease of 99 years, and 20 frail care units, known as
Residence Les Buissonnets (the “Project”). The Project has been approved by the Economic Development Board
of Mauritius pursuant to the Economic Development Board (Property Development Scheme) Regulations 2015.

Pursuant to the Registration Certificate issued by the Economic Development Board, Residence de Caen has
obtained a license under the Residential Care Home Act, 2006, and a licence as Private Health Institution under
the Private Health Institution Act, 2007.

Once the Project completed, Residence les Buissonnets will be governed by Occupancy Rules to be binding upon
each resident and/or lessee as the case may be. The Occupancy Rules outline the wide range services offered by
Residence de Caen to future residents and/or lessees (as the case may be).
By expressing an interest in visiting this website, Residence de Caen may have access to, and Process your Personal
Data, as future lessee and/or resident of Residence Les Buissonnets.
Residence De Caen is duly registered as Data Controller with the Data Protection Commission of Mauritius.

Residence de Caen respects your privacy and is committed to protecting your Personal Data, as defined under the
Data Protection Act 2017 in Mauritius (the “Act”), and where applicable, the European Union Regulation 2016/679
Data Protection Regulation on the protection of natural persons with regard to the processing of personal data
and on the free movement of such data, known as General Data Protection Regulation (“GDPR”).
This Privacy Policy informs you as to the purpose we collect your Personal Data through your use of our website,
including any data you may provide through our website when you sign up to receive further information on the
Project, how we process your Personal Data, and tells you about your privacy rights.
We may need to regularly update this Privacy Policy and changes will be made to this page and we would suggest
that you review this regularly. We may also, where appropriate, inform you of any material changes through our
Personal Data that we collect are as follows:

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data
will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the
percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with
your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data
which will be used in accordance with this Privacy Policy.

We collect Personal Data as follows:
(i) By direct interaction, when you fill in a registration or contact form required for the purpose of
processing your expression of interest in our Project, and eventually when pursuing and formalizing a
contractual agreement with you in respect of the Project. In these circumstances, we may keep a record
of the exchange of correspondence with you.
(ii) Automated technologies or interaction, when interacting with our website, we may:
– automatically collect Technical Data about the equipment used by you, browsing actions and patterns,
traffic data;
– collect such Personal Data by using cookies, server logs and other similar technologies;
– receive Technical Data when visiting other websites employing our cookies.
(iii) Third parties or publicly available sources, such as Technical Data from the following parties: (a)
analytics providers such as Google; (b) advertising networks inside and outside Mauritius; and (c) search
information providers inside and outside Mauritius.

We will only use Personal Data when the law allows us to do so. Most commonly, we will use your Personal Data
in the following circumstances:
(i) We may send you information relating to the Project, which may be of interest to you. If you have
consented to receive marketing emails, your explicit consent is required. If you exercise your right to
stop us from contacting you for marketing purposes, please contact us on the below contact details.
However, please note that we will retain minimum Personal Data to note that you opted out in order to
avoid contacting you again.
(ii) Where it is necessary for our legitimate interest (or those of a third party) and the interests and your
fundamental rights as Data Subject do not override those interests; and
(iii) Where we are required to comply with a legal or regulatory obligation.
We will process Personal Data for the purposes mentioned above based on your prior consent, to the extent such
consent is mandatory under applicable laws.
Identity Data first name, last name, age, company name, username or similar identifier,
title and gender.
Contact Data registered address, email address and telephone numbers.
Financial data Bank information details, account number.
Technical Data
internet protocol (IP) address, your login data, browser type and version, time zone
setting and location, browser plug-in types and versions, operating system and
platform, and other technology on the devices used to access our website.
Profile Data username and password, preferences, interests, feedback and survey responses.
Usage Data information about how you use our website.

Except for certain information that is required by law, the decision to provide any Personal Data to us
is voluntary.
There will be no adverse consequences if you does not wish to provide us with your Personal Data, or
you fail to provide the data when requested. However, failure to provide certain information would
not allow us to accomplish some or all of the purposes outlined in this Privacy Policy, in particular, we
may not be able to perform the contract we have or are trying to enter into with you.

In relation to the purpose for which Residence de Caen processes Personal Data, Personal Data may be shared
(i) Employees of Residence de Caen;
(ii) Notary, accountants, auditors, lawyers, insurers, bankers, and other external professional advisors;
(iii) Any public or enforcement authority in Mauritius or elsewhere, or in case of a court, administrative or
governmental order to do so.
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it
for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We
may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is
a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity
of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the
purposes for which we process your Personal Data and whether we can achieve those purposes through other
means, and the applicable legal, regulatory, tax, accounting or other requirements.
In the circumstances and under the conditions, and subject to the exceptions, set out in applicable laws, you have
the right:
(i) to access your Personal Data, for example by requesting a copy thereof;
(ii) to request correction of incomplete or inaccurate Personal Data;
(iii) to request deletion or removal of your Personal Data for a valid reason. However, we may not always
be able to comply with a request of erasure for specific legal reasons which will be notified to you, if
applicable, at the time of your request;
(iv) to object to processing for a valid reason;
(v) to request restriction of processing, for example, to request that we suspend the processing of Personal
Data for a valid reason;
(vi) to withdraw consent at any time in which case we may not be able to provide you information about the
(vii) to lodge a complaint at any time with the Data Protection Commissioner of Mauritius (DPC). If you are
an EU citizen, you have the right to lodge a complaint with the regulatory authority of the country your
residence, or where the data breach has occurred.
If you wish to exercise any of the rights set out above or needs any clarification thereon, please contact
us on the below contact details.
We would appreciate the chance to deal with your concerns before you approach the DPC or any
regulator, so please contact us in the first instance.
We will try to respond to all legitimate requests within one (1) month. Occasionally it may take us
longer than a month if the request is particularly complex or you have made a number of requests. In
this case, we will notify you and keep you updated.
We enter into a Data Processing Agreement with our service providers and ensure that as data Processor they
protect your Personal Data by maintaining physical, technical and organisational security measures to prevent risk
of accidental loss, misuse, unauthorized access, disclosure, destruction and alteration of Personal Data, and to
protect the Personal Data from any harm that may result therefrom.
1.1 We require our service providers to comply with the Data Protection Act, 2017 (the “Act”) and the General
Data Protection Regulation (the “GDPR”) as applicable and any legislation that subsequently adds to or
amends the Act or the GDPR.
1.2 We require our service providers to take all necessary measures to protect any Personal Data (as defined
under the Act or the GDPR) provided by the Promoter prior to this Agreement and/or generated in
furtherance of the services provided under this Agreement.
Security measures required from our services include :
(i) Pseudonymisation, Encryption of Personal Data;
(ii) Procedure in case of breach or suspected breach of Personal Data;
(iii) Disaster recovery, business continuity and resilience of processing systems and services;
(iv) Access authorisation controls and password;
(v) Firewalls
(vi) Restricting access to Personal Data to our employees, agents, and other third parties on a need to know
basis and involved in or otherwise engaged in the promotion of the Project;
(vii) Ensuring that employees, agents, and service providers will only process your Personal Data on our
instructions, subject always to a duty of confidentiality.
We will report any breaches of Personal Data held by us to the DPC as required under the Act, within seventytwo
(72) hours or to the supervisory authority of the relevant EU member state in within such delay as may be
prescribed, of becoming aware of such a breach, which includes accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
We do not transfer Personal Data outside Mauritius.
Please contact us if you want further information on the specific mechanism used by us when transferring your
personal data out of Mauritius.
If you have any questions about this Privacy Policy, please contact us:
• Attention: Data Protection Officer
• By e-mail:
• By phone number:
To confirm that you have read, understood and agreeable to the terms of this Privacy Policy, please click on the
box below :